Russian Federal Security Service (FSB) cyberspies, along with a new digital snooping team, have been conducting a massive online phishing espionage campaign against targets in the United States and Europe for the past two years, according to the University of Toronto's Citizen Lab.
Microsoft says Russian hackers are behind the latest phishing attack against the US government
In research published Wednesday, Citizen Lab attributed the campaign, dubbed River of Phish, to the FSB-backed COLDRIVER (aka Star Blizzard, UNC4057 and Callisto) along with a second group called COLDWASTREL.
The campaign started in 2022 with the aim of stealing user credentials and 2FA tokens from exiled Russian opposition figures and staff at Russian, US and European-based NGOs, as well as media, US think tanks and former government officials. .
It's the same target that COLDRIVER has been targeting in phishing campaigns since at least 2019, and the cyber spies have also repeatedly tried to influence Western elections over the years.
